Summary
The host is running PHP and is prone to Buffer Overflow vulnerability.
Impact
Successful exploitation could allow attackers to potentially compromise a vulnerable system.
Impact Level: System
Solution
Apply patches from SVN repository,
http://svn.php.net/viewvc?view=revision&revision=289557
*****
NOTE: Ignore this warning if patch is already applied.
*****
Insight
The flaw is due to error in '_gdGetColors' function in gd_gd.c which fails to check certain colorsTotal structure member, whicn can be exploited to cause buffer overflow or buffer over-read attacks via a crafted GD file.
Affected
PHP version 5.2.x to 5.2.11 and 5.3.0 on Linux.
References
Severity
Classification
-
CVE CVE-2009-3546 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Reader 'File Extension' Buffer Overflow Vulnerability (Windows)
- Buffer overflow in Apple Quicktime Player
- CA Internet Security Suite Plus 'KmxSbx.sys' Buffer Overflow Vulnerability
- Attachmate Reflection FTP Client LIST Command Remote Heap Buffer Overflow Vulnerability
- Cscope Multiple Buffer Overflow vulnerability